Export limit exceeded: 349374 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10667 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21450 | 1 Samsung | 1 One Hand Operation \+ | 2025-03-24 | 2.3 Low |
| Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. | ||||
| CVE-2024-38707 | 1 Wpdeveloper | 1 Embedpress | 2025-03-24 | 6.3 Medium |
| Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4. | ||||
| CVE-2021-25087 | 1 W3eden | 1 Download Manager | 2025-03-21 | 7.5 High |
| The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25). | ||||
| CVE-2025-24974 | 1 Dataease | 1 Dataease | 2025-03-21 | 6.5 Medium |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | ||||
| CVE-2025-27138 | 1 Dataease | 1 Dataease | 2025-03-21 | 9.8 Critical |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | ||||
| CVE-2022-34397 | 1 Dell | 3 Evasa Provider Virtual Appliance, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-03-21 | 6.9 Medium |
| Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. | ||||
| CVE-2023-0133 | 1 Google | 2 Android, Chrome | 2025-03-20 | 6.5 Medium |
| Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-45168 | 1 Liveboxcloud | 1 Vdesk | 2025-03-20 | 6.5 Medium |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP. | ||||
| CVE-2024-38783 | 1 Tychesoftwares | 2 Acronix Faq, Arconix Faq | 2025-03-20 | 5.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4. | ||||
| CVE-2024-38769 | 1 Tychesoftwares | 1 Arconix Shortcodes | 2025-03-20 | 5.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11. | ||||
| CVE-2023-24524 | 1 Sap | 1 S\/4hana | 2025-03-20 | 6.5 Medium |
| SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability. | ||||
| CVE-2023-24528 | 1 Sap | 1 Fiori | 2025-03-20 | 6.5 Medium |
| SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents. | ||||
| CVE-2023-0019 | 1 Sap | 1 Grc Process Control | 2025-03-20 | 6.5 Medium |
| In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality. | ||||
| CVE-2024-22298 | 1 Tms-outsource | 1 Amelia | 2025-03-20 | 5.3 Medium |
| Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98. | ||||
| CVE-2024-34799 | 1 Reputeinfosystems | 1 Bookingpress | 2025-03-20 | 6.5 Medium |
| Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82. | ||||
| CVE-2024-36265 | 1 Apache | 1 Submarine | 2025-03-19 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-43331 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | 5.3 Medium |
| Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3. | ||||
| CVE-2024-32143 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 4.3 Medium |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. | ||||
| CVE-2023-25768 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 6.5 Medium |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | ||||
| CVE-2023-25766 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 4.3 Medium |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||